• oDDmON@lemmy.world
    link
    fedilink
    English
    arrow-up
    45
    ·
    8 months ago

    TL;DR? > The problem is strictly speaking not even in curl code. It comes with the version of LibreSSL that Apple ships and builds curl to use on their platforms.

    But because they’re Apple (right next to the Pope, for infallibility), they know best; same old story, rinse’n’repeat.

    Really liked their stuff back in the day. Now? It’s another walled garden they scrabble to maintain.

  • Mac@federation.red
    link
    fedilink
    English
    arrow-up
    15
    ·
    8 months ago

    LibreSSL is the fucking bane of my existence at work. So many issues caused by the keys it spits out vs others.

    • Illecors@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      Never had the chance to seriously look into libressl. Do you think it would work fine if most of the world was running it rather than openssl?

      • Mac@federation.red
        link
        fedilink
        English
        arrow-up
        4
        ·
        8 months ago

        Probably so, but Apple is the only one I’ve encountered actually using it. The whole point is it’s supposed to be backwards compatible and it’s just not

        • rottingleaf@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          If you meant that they’ve dropped plenty of openssl functionality - well, the whole purpose of the fork was to refactor it into something less scary. And since it was done by OpenBSD people - they have their own approach, not always culturally compatible with enterprise usage.

  • Brownian Motion@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    8 months ago

    Anyone still using LibreSSL and not OpenSSL, has only themselves to blame. Or their company or whoever is forcing it on them.

    • 0x0@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      OpenBSD forked OpenSSL due to HeartBleed. OpenBSD developers are generally regarded as quite on top of their game when it comes to security, so why the “still using LibreSSL” FUD?

  • 0x0@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    You can follow curl’s lead developer on mastodon: @bagder@mastodon.social, seems like a very reasonable guy.